zloader | 3a738adda00a070a9d48413da9a9ae1ef4c83f05be4b3d40edefc632a354d311 | Triage

Sharing

General

Target

3a738adda00a070a9d48413da9a9ae1ef4c83f05be4b3d40edefc632a354d311
Size

344KB
Sample

220327-fzyxtsdfb7
MD5

73c2ec9424087728255ee5d4aa2bed02
SHA1

45dd591d72572ded756b5e7cec54489208874ef4
SHA256

3a738adda00a070a9d48413da9a9ae1ef4c83f05be4b3d40edefc632a354d311
SHA512

c9b6b3e550520ec44a937c0c9728613b3baaea41c7e806c62798b62eeb836b27a02b492bbf9c01798ad7b46429aa817cd25f02a1dc569e47471496cd85e40b40

Score

10^/10

zloader vek 25/11 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

vek

Campaign

25/11

C2

https://notaryjean.com/wp-smarts.php

https://www.transcendereconsultancy.com/wp-smarts.php

https://descopera-romania.com/wp-smarts.php

https://hopeandfuture.org/wp-smarts.php

https://saptezile.com/wp-smarts.php

https://tifortgebinvo.tk/wp-smarts.php

Attributes

build_id
250

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  3a738adda00a070a9d48413da9a9ae1ef4c83f05be4b3d40edefc632a354d311
- Size
  
  344KB
- MD5
  
  73c2ec9424087728255ee5d4aa2bed02
- SHA1
  
  45dd591d72572ded756b5e7cec54489208874ef4
- SHA256
  
  3a738adda00a070a9d48413da9a9ae1ef4c83f05be4b3d40edefc632a354d311
- SHA512
  
  c9b6b3e550520ec44a937c0c9728613b3baaea41c7e806c62798b62eeb836b27a02b492bbf9c01798ad7b46429aa817cd25f02a1dc569e47471496cd85e40b40
Score

10^/10

zloader vek 25/11 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadervek25/11botnettrojan

behavioral2

zloadervek25/11botnettrojan